How do SSL certificates work?
SSL certificates are used in a process known as the 'SSL Handshake.'
The process works like this:
1. A browser or server attempts to connect to a website (i.e., a webserver) secured with SSL.
2. The browser or server requests that the webserver identifies itself.
3. The webserver sends the browser or server a copy of its SSL certificate in response.
4. The browser or server checks to see whether it trusts the SSL certificate. If it does, it signals this to the webserver.
5. The webserver then returns a digitally signed acknowledgment to start an SSL encrypted session.
6. Encrypted data is shared between the browser or server and the webserver.
This whole handshake happens within a few milliseconds. When a website is secured by an SSL certificate, the acronym HTTPS appears in the URL. A padlock icon will also display in the URL address bar. This signals trust and provides reassurance to the visitors of the website. Without an SSL certificate, only the letters HTTP will appear.
There are different types of SSL certificates, each representing a different validation level:
1. Extended Validation certificates (EV SSL)
This is the highest-ranking and most expensive type of SSL certificate. It tends to be used for 'HIGH PROFILE' websites which collect data and involve online payments. When installed, this SSL certificate displays the padlock, HTTPS, name of the business, and the country on the browser address bar. Displaying the website owner's information in the address bar helps distinguish the site from malicious sites.
To set up an EV SSL certificate, the website owner must go through a standardized identity verification process to confirm they are legally authorized to hold the exclusive rights to the domain. The review process may include elements such as:
➢ Documents verifying the identity of the applicant
➢ Corporate documents of the business
Also, the information is checked against information provided by an independent third party, which serves to confirm its validity.
2. Organization Validated certificates (OV SSL)
OV SSL certificates tend to be the second most expensive (after EV SSLs), and their primary purpose is to encrypt the user's sensitive information during TRANSACTIONS. Commercial or public-facing websites must install this type of SSL certificate to ensure that any customer information shared remains confidential, such as Debit or Credit Card info, etc.
This type of SSL certificate has an assurance level similar to that of the EV SSL certificate, as the website owner or organisation needs to complete a substantial validation process to obtain it. The information they need to provide includes where the organisation is physically located and its domain name. This type of certificate also displays the website owner's information in the address bar to distinguish the site from malicious sites.
3. Domain Validated certificates (DV SSL)
This SSL certificate type is one of the least expensive and quickest to obtain. They tend to be used for 'BLOGS' or 'informational' websites – i.e., which do not involve data collection or online payments. The browser address bar only displays HTTPS and a padlock with no business name displayed.
The validation process only requires website owners to prove domain ownership by responding to an email or phone call. The validation process to obtain this SSL certificate type is minimal, and as a result, Domain Validation SSL certificates provide lower assurance and minimal encryption.
4. Wildcard SSL certificates
Wildcard SSL certificates allow you to secure 'a base domain' and unlimited 'sub-domains' on a single certificate. If you have multiple sub-domains to secure, then a Wildcard SSL certificate purchase is much less expensive than buying individual SSL certificates for each of them.
Wildcard SSL certificates have an asterisk * as part of the common name, where the asterisk represents any valid sub-domain that has the same base domain. For example, a single Wildcard certificate for *.yourdomain.com can be used to secure:
crm.yourdomain[.]com
payments.yourdomain[.]com
blog.yourdomain[.]com
mail.yourdomain[.]com
download.yourdomain[.]com
anything.yourdomain[.]com, etc.
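The following added example (not code from the original page) shows how a client decides whether a wildcard name covers a hostname. It goes beyond the list above by applying the standard matching rule that the asterisk stands for exactly one left-most label, so deeper sub-domains and the bare base domain need their own entries. The function names, the sample certificate names and the sample hostnames are constructed for illustration.

```python
"""Wildcard name matching for the certificate names discussed above."""


def name_matches(pattern: str, hostname: str) -> bool:
    """Return True if one certificate name entry covers the hostname."""
    if "*" in hostname:
        return False  # a real hostname never contains an asterisk
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    # Same number of labels, and no empty label such as ".yourdomain.com".
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # Simplified assumption: require a base domain of at least two
        # labels, so "*.com" is refused.
        if len(p) < 3:
            return False
        # The asterisk stands for exactly one left-most label.
        return p[1:] == h[1:]
    # Partial wildcards ("f*o.example.com") or an asterisk elsewhere: refuse.
    if any("*" in label for label in p):
        return False
    return p == h


def cert_covers(names, hostname):
    """True if any name listed in the certificate covers the hostname."""
    return any(name_matches(n, hostname) for n in names)


# Constructed sample: the names a wildcard certificate for the page's
# example domain would typically list (base domain plus wildcard entry).
WILDCARD_CERT_NAMES = ["yourdomain.com", "*.yourdomain.com"]

# Constructed hostnames to check against that certificate.
SAMPLE_HOSTS = [
    "crm.yourdomain.com",
    "yourdomain.com",
    "a.b.yourdomain.com",              # two levels deep: not covered
    "crm.yourdomain.com.example.net",  # look-alike suffix: not covered
]


def audit(hostnames, names=WILDCARD_CERT_NAMES):
    """Map each hostname to whether the certificate covers it."""
    return {host: cert_covers(names, host) for host in hostnames}


if __name__ == "__main__":
    for host, ok in audit(SAMPLE_HOSTS).items():
        print(f"{host:35} {'covered' if ok else 'NOT covered'}")
```
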
5. Multi-Domain SSL Certificate (MDC)
A Multi-Domain certificate can be used to secure many domains and/or sub-domain names. This includes the combination of completely unique domains and sub-domains with different TLDs (Top-Level Domains), EXCEPT for local/internal ones.